How safe is your quantified self? Tracking, monitoring, and wearable tech #piday #raspberrypi @Raspberry_Pi
Symantec has used a Raspberry Pi to discover security breaches in wearable tech. Via BBC News.
People who use wearable gadgets to monitor their health or activity can be tracked with only $70 (£40) of hardware, research suggests.
The work, carried out by security firm Symantec, used a Raspberry Pi computer to grab data broadcast by the gadgets.
The snooping Pi was taken to parks and sporting events where it was able to pick out individuals in the crowds.
Symantec said makers of wearables need to do a better job of protecting privacy and handling data they gather.
The research team used a barebones Raspberry Pi computer to which they added a Bluetooth radio module to help sniff for signals. At no time did the device try to connect to any wearable. Rather, it just scooped up data being broadcast from gadgets close by.
Symantec said the eavesdropping was possible because most wearables were very simple devices that communicated with a smartphone or a laptop when passing on data they have collected.
The researchers, Mario Barcena, Candid Wueest and Hon Lau, took their Pi to busy public places in Switzerland and Ireland, including sporting events, to see what data they could grab.
“All the devices we encountered can be easily tracked using the unique hardware address they transmit,” the team wrote in a blogpost.
Some of the devices picked up were also susceptible to being probed remotely to make them reveal serial numbers or other identifying information. It would be “trivial”, said the researchers, for anyone with a modicum of computer and electronics knowledge to gather this information.
Each Friday is PiDay here at Adafruit! Be sure to check out our posts, tutorials and new Raspberry Pi related products. Adafruit has the largest and best selection of Raspberry Pi accessories and all the code & tutorials to get you up and running in no time!
Stop breadboarding and soldering – start making immediately! Adafruit’s Circuit Playground is jam-packed with LEDs, sensors, buttons, alligator clip pads and more. Build projects with Circuit Playground in a few minutes with the drag-and-drop MakeCode programming site, learn computer science using the CS Discoveries class on code.org, jump into CircuitPython to learn Python and hardware together, or even use Arduino IDE. Circuit Playground Express is the newest and best Circuit Playground board, with support for MakeCode, CircuitPython, and Arduino. It has a powerful processor, 10 NeoPixels, mini speaker, InfraRed receive and transmit, two buttons, a switch, 14 alligator clip pads, and lots of sensors: capacitive touch, IR proximity, temperature, light, motion and sound. A whole wide world of electronics and coding is waiting for you, and it fits in the palm of your hand.
Python for Microcontrollers — sysfs is dead! long live libgpiod! libgpiod for linux & Python running hardware @circuitpython @micropython @ThePSF #Python @Adafruit #Adafruit
Get the only spam-free daily newsletter about wearables, running a "maker business", electronic tips and more! Subscribe at AdafruitDaily.com !
Having the actual data leaked would be a problem, but if its just the address I don’t see the problem. CCTV cameras already watch our faces (maybe with facial recognition and tracking on the back-end), and there is nothing preventing somebody with a telephoto lens from getting more detail and maybe even our voice with a parabolic or other directional mic.
Sure, if you were being specifically targeted they could follow you home easier with the help of two dongles. But if you are using a wearable, you are already using a cellphone which can be tracked in itself.
So my reaction to articles like these are, meh!